"...but the announcement by the IC3 originally had no details so
this caused far more concern than it should have merited. They've
updated their announcement to reflect the change.
"Additionally, it's interesting that this particular bug is
being exploited in any large-scale way on the remaining systems
that are unpatched. It would be highly unusual and almost
consciously unsafe for an administrator to configure their system
in such a way as to make this a problem. But I suppose if it's
possible, someone will configure it that way.
"Here's our updated page with details:
John Todd email@example.com
Open Source Community Director